Commit 7ab6bf0

Merge branch 'main' into mplbump
2 parents 58df075 + 5a2569a commit 7ab6bf0

12 files changed

+383
-174
lines changed

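--- a/DynamoDbEncryption/runtimes/rust/Cargo.toml
+++ b/DynamoDbEncryption/runtimes/rust/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "aws-db-esdk"
-version = "1.1.1"
+version = "1.2.0"
 edition = "2021"
 rust-version = "1.86.0"
 keywords = ["cryptography", "security", "dynamodb", "encryption", "client-side"]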

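--- a/DynamoDbEncryption/runtimes/rust/start_release.sh
+++ b/DynamoDbEncryption/runtimes/rust/start_release.sh
@@ -25,8 +25,10 @@ echo
 echo
 sleep 2
 
+VERSION=$1
+
 # Update the version in Cargo.toml
-perl -pe "s/^version = .*$/version = \"$1\"/" < Cargo.toml > new_Cargo.toml
+perl -pe "s/^version = .*$/version = \"$VERSION\"/" < Cargo.toml > new_Cargo.toml
 mv new_Cargo.toml Cargo.toml
 
 set -v
@@ -78,3 +80,13 @@ cargo run --example main
 
 # Remove Cargo.lock and .pem files after testing the examples
 rm -f Cargo.lock *.pem
+
+set +v
+
+echo
+echo Next Steps:
+echo cd $(realpath ${PWD}/../../../releases/rust/db_esdk)
+echo Make a PR
+echo Get it merged
+echo cargo publish
+echo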
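Review bot: `VERSION=$1` is spliced into the perl substitution on new line 31 with no check that an argument was given or that it looks like a version number. An empty `$1` rewrites the manifest to `version = ""`, and a value containing `/` or `"` changes the substitution expression itself, so a typo on the release command line can end up in the Cargo.toml that is later published. I would fail early with `VERSION=${1:?usage: start_release.sh <version>}` and a loose shape check such as `case "$VERSION" in [0-9]*.[0-9]*.[0-9]*) ;; *) echo "bad version: $VERSION" >&2; exit 1 ;; esac`. The start of the script is outside the hunk, so an argument check may already exist there. The unquoted `$(realpath ${PWD}/...)` on new line 88 would also word-split on a checkout path containing spaces.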

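--- a/releases/rust/db_esdk/Cargo.toml
+++ b/releases/rust/db_esdk/Cargo.toml
@@ -1,8 +1,8 @@
 [package]
 name = "aws-db-esdk"
-version = "1.1.1"
+version = "1.2.0"
 edition = "2021"
-rust-version = "1.81.0"
+rust-version = "1.86.0"
 keywords = ["cryptography", "security", "dynamodb", "encryption", "client-side"]
 license = "ISC AND (Apache-2.0 OR ISC)"
 description = "aws-db-esdk is a library for implementing client side encryption with DynamoDB."
@@ -16,20 +16,26 @@ readme = "README.md"
 # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
 
 [dependencies]
-aws-config = "1.6.3"
-aws-lc-rs = "1.13.1"
-aws-lc-sys = "0.29.0"
-aws-sdk-dynamodb = "1.73.0"
-aws-sdk-kms = "1.67.0"
-aws-smithy-runtime-api = {version = "1.8.0", features = ["client"] }
-aws-smithy-types = "1.3.1"
+aws-config = "1.8.5"
+aws-lc-rs = {version = "1.13.3"}
+aws-lc-sys = { version = "0.30", optional = true }
+aws-lc-fips-sys = { version = "0.13", optional = true }
+aws-sdk-dynamodb = "1.90.0"
+aws-sdk-kms = "1.84.0"
+aws-smithy-runtime-api = {version = "1.9.0", features = ["client"] }
+aws-smithy-types = "1.3.2"
 chrono = "0.4.41"
 cpu-time = "1.0.0"
-dafny-runtime = { version = "0.3.1", features = ["sync", "small-int"] }
 dashmap = "6.1.0"
 pem = "3.0.5"
-tokio = {version = "1.45.1", features = ["full"] }
-uuid = { version = "1.17.0", features = ["v4"] }
+tokio = {version = "1.47.1", features = ["full"] }
+uuid = { version = "1.18.0", features = ["v4"] }
+dafny-runtime = { version = "0.3.1", features = ["sync", "small-int"] }
 
 [[example]]
 name = "main"
+
+[features]
+fips = ["aws-lc-rs/fips", "dep:aws-lc-fips-sys"]
+non-fips = ["aws-lc-rs/aws-lc-sys", "dep:aws-lc-sys"]
+default = ["non-fips"]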
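Review bot: With `default = ["non-fips"]` and Cargo features being additive, a consumer who enables `fips` without also setting `default-features = false` builds with both `fips` and `non-fips` active, so both `aws-lc-sys` and `aws-lc-fips-sys` are pulled in. `aws-lc-rs = {version = "1.13.3"}` also keeps that crate's own default features on, which, as far as I know, include its `aws-lc-sys` backend. Which backend the crate's code ends up calling in that combination is not visible from the manifest, so a build intended to be FIPS-only could still compile and link the non-FIPS library. I would state the contract above the table, e.g. `# fips and non-fips are mutually exclusive; FIPS builds must set default-features = false`. If the crate does not already do so, it should also fail the build when both or neither feature is enabled.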

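--- a/releases/rust/db_esdk/src/aes_gcm.rs
+++ b/releases/rust/db_esdk/src/aes_gcm.rs
@@ -73,13 +73,13 @@ impl AES_GCM {
 ) -> Result<DoAESEncryptOutput, String> {
 let alg = self.get_alg()?;
 let mut in_out_buffer = Vec::from(msg);
-let key = UnboundKey::new(alg, key).map_err(|e| format!("new {:?}", e))?;
+let key = UnboundKey::new(alg, key).map_err(|e| format!("new {e:?}"))?;
 let nonce = Nonce::assume_unique_for_key(iv.try_into().unwrap());
 let key = LessSafeKey::new(key);
 let aad = Aad::from(aad);
 let tag = key
 .seal_in_place_separate_tag(nonce, aad, &mut in_out_buffer)
-.map_err(|e| format!("Seal {:?}", e))?;
+.map_err(|e| format!("Seal {e:?}"))?;
 Ok(DoAESEncryptOutput {
 cipher_text: in_out_buffer,
 auth_tag: Vec::from(tag.as_ref()),
@@ -96,12 +96,12 @@ impl AES_GCM {
 ) -> Result<Vec<u8>, String> {
 let alg = self.get_alg()?;
 let mut out_buffer = Vec::from(cipher_text);
-let key = UnboundKey::new(alg, key).map_err(|e| format!("new {:?}", e))?;
+let key = UnboundKey::new(alg, key).map_err(|e| format!("new {e:?}"))?;
 let nonce = Nonce::assume_unique_for_key(iv.try_into().unwrap());
 let key = LessSafeKey::new(key);
 let aad = Aad::from(aad);
 key.open_separate_gather(nonce, aad, cipher_text, auth_tag, &mut out_buffer)
-.map_err(|e| format!("gather {:?}", e))?;
+.map_err(|e| format!("gather {e:?}"))?;
 Ok(out_buffer)
 }
 
@@ -143,7 +143,7 @@ impl AES_GCM {
 }),
 }),
 Err(e) => {
-let msg = format!("AES Encrypt : {}", e);
+let msg = format!("AES Encrypt : {e}");
 enc_result(&msg)
 }
 }
@@ -196,7 +196,7 @@ impl AES_GCM {
 value: dafny_runtime::Sequence::from_array_owned(x),
 }),
 Err(e) => {
-let msg = format!("AES Decrypt : {}", e);
+let msg = format!("AES Decrypt : {e}");
 dec_result(&msg)
 }
 }
@@ -229,7 +229,7 @@ mod tests {
 let cipher = match &*alg.AESEncryptExtern(&iv, &key, &msg, &aad) {
 _Wrappers_Compile::Result::Success { value } => value.clone(),
 _Wrappers_Compile::Result::Failure { error } => {
-panic!("AESEncryptExtern Failed : {:?}", error);
+panic!("AESEncryptExtern Failed : {error:?}");
 }
 };
 
@@ -240,10 +240,10 @@ mod tests {
 } => (cipherText, authTag),
 };
 
-let output = match &*alg.AESDecryptExtern(&key, &cipher_text, &auth_tag, &iv, &aad) {
+let output = match &*alg.AESDecryptExtern(&key, cipher_text, auth_tag, &iv, &aad) {
 _Wrappers_Compile::Result::Success { value } => value.clone(),
 _Wrappers_Compile::Result::Failure { error } => {
-panic!("AESEncryptExtern Failed : {:?}", error);
+panic!("AESEncryptExtern Failed : {error:?}");
 }
 };
 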
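Review bot: `Nonce::assume_unique_for_key(iv.try_into().unwrap())` on new lines 77 and 100 panics when the supplied IV has the wrong length, although both functions return `Result<_, String>` and map every other failure to an `Err`. A malformed IV should be reported the same way as a bad key, for instance by replacing `.unwrap()` with `.map_err(|e| format!("iv {e:?}"))?`. Both functions begin before their hunks, so the declared type of `iv` is not visible and a type annotation on the converted value may be needed. In the last test hunk the decrypt branch on new line 246 still panics with `AESEncryptExtern Failed`; it should read `AESDecryptExtern Failed : {error:?}` so a failing test points at the right call.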

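--- a/releases/rust/db_esdk/src/aes_kdf_ctr.rs
+++ b/releases/rust/db_esdk/src/aes_kdf_ctr.rs
@@ -36,13 +36,13 @@ pub mod AesKdfCtr {
 
 let mut in_out_buffer = vec![0; length as usize];
 
-let key = UnboundCipherKey::new(&AES_256, key).map_err(|e| format!("new {:?}", e))?;
-let encrypting_key = EncryptingKey::ctr(key).map_err(|e| format!("new {:?}", e))?;
+let key = UnboundCipherKey::new(&AES_256, key).map_err(|e| format!("new {e:?}"))?;
+let encrypting_key = EncryptingKey::ctr(key).map_err(|e| format!("new {e:?}"))?;
 let nonce = aws_lc_rs::iv::FixedLength::<16>::from(as_array(nonce));
 let context = EncryptionContext::Iv128(nonce);
 encrypting_key
 .less_safe_encrypt(&mut in_out_buffer, context)
-.map_err(|e| format!("new {:?}", e))?;
+.map_err(|e| format!("new {e:?}"))?;
 Ok(in_out_buffer)
 }
 
@@ -65,7 +65,7 @@ pub mod AesKdfCtr {
 value: dafny_runtime::Sequence::from_array_owned(x),
 }),
 Err(e) => {
-let msg = format!("Aes Kdf Ctr : {}", e);
+let msg = format!("Aes Kdf Ctr : {e}");
 Rc::new(_Wrappers_Compile::Result::Failure { error: error(&msg) })
 }
 }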
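Review bot: All three `map_err` closures in the first hunk (new lines 39, 40 and 45) produce the same `new ...` prefix, so a failure in `EncryptingKey::ctr` or `less_safe_encrypt` is reported as if key construction had failed. Since these lines are being touched anyway, distinct prefixes would make the error actionable, e.g. `format!("ctr {e:?}")` on line 40 and `format!("encrypt {e:?}")` on line 45. Separately, `vec![0; length as usize]` on line 37 sizes the output buffer with an `as` cast. The declaration of `length` is outside the hunk, so it is not visible whether a negative or very large value can reach this point. If it can, a `usize::try_from(length)` that maps to an `Err` would keep the failure inside the function's `Result`.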

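--- a/releases/rust/db_esdk/src/dafny_libraries.rs
+++ b/releases/rust/db_esdk/src/dafny_libraries.rs
@@ -17,7 +17,9 @@ pub mod DafnyLibraries {
 }
 
 impl<K: ::dafny_runtime::DafnyTypeEq, V: ::dafny_runtime::DafnyTypeEq> MutableMap<K, V> {
-pub fn _allocate_object() -> ::dafny_runtime::Object<Self> {
+// bytesKeys should be set using ctor but it does not because of Dafny bug
+// https://github.com/dafny-lang/dafny/issues/6333
+pub fn _allocate_object(_bytes_keys: bool) -> ::dafny_runtime::Object<Self> {
 ::dafny_runtime::Object::new(MutableMap {
 map: DashMap::new(),
 })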
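Review bot: The new `_bytes_keys` argument of `_allocate_object` is accepted and then discarded, and the comment above it does not say what the map does without it or what has to change once the linked Dafny issue is fixed. A reader cannot tell whether ignoring the flag is harmless for this `DashMap`-backed implementation or a known gap. I would reword the comment along the lines of `// _bytes_keys is ignored here: Dafny passes it to _allocate_object instead of the constructor (dafny-lang/dafny#6333); <state whether this map needs it>`, with the last clause filled in by someone who knows the intended semantics. The function's closing brace lies outside the hunk.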

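--- a/releases/rust/db_esdk/src/deps/aws_cryptography_materialProviders/validation.rs
+++ b/releases/rust/db_esdk/src/deps/aws_cryptography_materialProviders/validation.rs
@@ -1706,119 +1706,119 @@ pub(crate) fn validate_aws_Pcryptography_PmaterialProviders_HCreateKeyringOutput
 ))?;
 Ok(())
 }
-pub(crate) fn validate_aws_Pcryptography_PmaterialProviders_HCreateKeyringOutput_for_AwsCryptographicMaterialProviders_CreateAwsKmsHierarchicalKeyring(
+pub(crate) fn validate_aws_Pcryptography_PmaterialProviders_HCreateKeyringOutput_for_AwsCryptographicMaterialProviders_CreateRawEcdhKeyring(
 input: &crate::deps::aws_cryptography_materialProviders::types::keyring::KeyringRef,
 ) -> ::std::result::Result<(), ::aws_smithy_types::error::operation::BuildError> {
 validate_aws_Pcryptography_PmaterialProviders_HCreateKeyringOutput_Dkeyring(&Some(
 input.clone(),
 ))?;
 Ok(())
 }
-pub(crate) fn validate_aws_Pcryptography_PmaterialProviders_HCreateKeyringOutput_for_AwsCryptographicMaterialProviders_CreateRawAesKeyring(
+pub(crate) fn validate_aws_Pcryptography_PmaterialProviders_HCreateKeyringOutput_for_AwsCryptographicMaterialProviders_CreateAwsKmsKeyring(
 input: &crate::deps::aws_cryptography_materialProviders::types::keyring::KeyringRef,
 ) -> ::std::result::Result<(), ::aws_smithy_types::error::operation::BuildError> {
 validate_aws_Pcryptography_PmaterialProviders_HCreateKeyringOutput_Dkeyring(&Some(
 input.clone(),
 ))?;
 Ok(())
 }
-pub(crate) fn validate_aws_Pcryptography_PmaterialProviders_HCreateKeyringOutput_for_AwsCryptographicMaterialProviders_CreateAwsKmsKeyring(
+pub(crate) fn validate_aws_Pcryptography_PmaterialProviders_HCreateKeyringOutput_for_AwsCryptographicMaterialProviders_CreateAwsKmsHierarchicalKeyring(
 input: &crate::deps::aws_cryptography_materialProviders::types::keyring::KeyringRef,
 ) -> ::std::result::Result<(), ::aws_smithy_types::error::operation::BuildError> {
 validate_aws_Pcryptography_PmaterialProviders_HCreateKeyringOutput_Dkeyring(&Some(
 input.clone(),
 ))?;
 Ok(())
 }
-pub(crate) fn validate_aws_Pcryptography_PmaterialProviders_HCreateKeyringOutput_for_AwsCryptographicMaterialProviders_CreateAwsKmsMrkDiscoveryKeyring(
+pub(crate) fn validate_aws_Pcryptography_PmaterialProviders_HCreateKeyringOutput_for_AwsCryptographicMaterialProviders_CreateRawRsaKeyring(
 input: &crate::deps::aws_cryptography_materialProviders::types::keyring::KeyringRef,
 ) -> ::std::result::Result<(), ::aws_smithy_types::error::operation::BuildError> {
 validate_aws_Pcryptography_PmaterialProviders_HCreateKeyringOutput_Dkeyring(&Some(
 input.clone(),
 ))?;
 Ok(())
 }
-pub(crate) fn validate_aws_Pcryptography_PmaterialProviders_HCreateKeyringOutput_for_AwsCryptographicMaterialProviders_CreateRawRsaKeyring(
+pub(crate) fn validate_aws_Pcryptography_PmaterialProviders_HCreateKeyringOutput_for_AwsCryptographicMaterialProviders_CreateAwsKmsMrkDiscoveryKeyring(
 input: &crate::deps::aws_cryptography_materialProviders::types::keyring::KeyringRef,
 ) -> ::std::result::Result<(), ::aws_smithy_types::error::operation::BuildError> {
 validate_aws_Pcryptography_PmaterialProviders_HCreateKeyringOutput_Dkeyring(&Some(
 input.clone(),
 ))?;
 Ok(())
 }
-pub(crate) fn validate_aws_Pcryptography_PmaterialProviders_HCreateKeyringOutput_for_AwsCryptographicMaterialProviders_CreateRawEcdhKeyring(
+pub(crate) fn validate_aws_Pcryptography_PmaterialProviders_HCreateKeyringOutput_for_AwsCryptographicMaterialProviders_CreateRawAesKeyring(
 input: &crate::deps::aws_cryptography_materialProviders::types::keyring::KeyringRef,
 ) -> ::std::result::Result<(), ::aws_smithy_types::error::operation::BuildError> {
 validate_aws_Pcryptography_PmaterialProviders_HCreateKeyringOutput_Dkeyring(&Some(
 input.clone(),
 ))?;
 Ok(())
 }
-pub(crate) fn validate_aws_Pcryptography_PmaterialProviders_HCreateKeyringOutput_for_AwsCryptographicMaterialProviders_CreateAwsKmsMrkMultiKeyring(
+pub(crate) fn validate_aws_Pcryptography_PmaterialProviders_HCreateKeyringOutput_for_AwsCryptographicMaterialProviders_CreateAwsKmsMrkKeyring(
 input: &crate::deps::aws_cryptography_materialProviders::types::keyring::KeyringRef,
 ) -> ::std::result::Result<(), ::aws_smithy_types::error::operation::BuildError> {
 validate_aws_Pcryptography_PmaterialProviders_HCreateKeyringOutput_Dkeyring(&Some(
 input.clone(),
 ))?;
 Ok(())
 }
-pub(crate) fn validate_aws_Pcryptography_PmaterialProviders_HCreateKeyringOutput_for_AwsCryptographicMaterialProviders_CreateAwsKmsMrkKeyring(
+pub(crate) fn validate_aws_Pcryptography_PmaterialProviders_HCreateKeyringOutput_for_AwsCryptographicMaterialProviders_CreateAwsKmsRsaKeyring(
 input: &crate::deps::aws_cryptography_materialProviders::types::keyring::KeyringRef,
 ) -> ::std::result::Result<(), ::aws_smithy_types::error::operation::BuildError> {
 validate_aws_Pcryptography_PmaterialProviders_HCreateKeyringOutput_Dkeyring(&Some(
 input.clone(),
 ))?;
 Ok(())
 }
-pub(crate) fn validate_aws_Pcryptography_PmaterialProviders_HCreateKeyringOutput_for_AwsCryptographicMaterialProviders_CreateAwsKmsDiscoveryMultiKeyring(
+pub(crate) fn validate_aws_Pcryptography_PmaterialProviders_HCreateKeyringOutput_for_AwsCryptographicMaterialProviders_CreateAwsKmsDiscoveryKeyring(
 input: &crate::deps::aws_cryptography_materialProviders::types::keyring::KeyringRef,
 ) -> ::std::result::Result<(), ::aws_smithy_types::error::operation::BuildError> {
 validate_aws_Pcryptography_PmaterialProviders_HCreateKeyringOutput_Dkeyring(&Some(
 input.clone(),
 ))?;
 Ok(())
 }
-pub(crate) fn validate_aws_Pcryptography_PmaterialProviders_HCreateKeyringOutput_for_AwsCryptographicMaterialProviders_CreateMultiKeyring(
+pub(crate) fn validate_aws_Pcryptography_PmaterialProviders_HCreateKeyringOutput_for_AwsCryptographicMaterialProviders_CreateAwsKmsMrkMultiKeyring(
 input: &crate::deps::aws_cryptography_materialProviders::types::keyring::KeyringRef,
 ) -> ::std::result::Result<(), ::aws_smithy_types::error::operation::BuildError> {
 validate_aws_Pcryptography_PmaterialProviders_HCreateKeyringOutput_Dkeyring(&Some(
 input.clone(),
 ))?;
 Ok(())
 }
-pub(crate) fn validate_aws_Pcryptography_PmaterialProviders_HCreateKeyringOutput_for_AwsCryptographicMaterialProviders_CreateAwsKmsMrkDiscoveryMultiKeyring(
+pub(crate) fn validate_aws_Pcryptography_PmaterialProviders_HCreateKeyringOutput_for_AwsCryptographicMaterialProviders_CreateAwsKmsDiscoveryMultiKeyring(
 input: &crate::deps::aws_cryptography_materialProviders::types::keyring::KeyringRef,
 ) -> ::std::result::Result<(), ::aws_smithy_types::error::operation::BuildError> {
 validate_aws_Pcryptography_PmaterialProviders_HCreateKeyringOutput_Dkeyring(&Some(
 input.clone(),
 ))?;
 Ok(())
 }
-pub(crate) fn validate_aws_Pcryptography_PmaterialProviders_HCreateKeyringOutput_for_AwsCryptographicMaterialProviders_CreateAwsKmsRsaKeyring(
+pub(crate) fn validate_aws_Pcryptography_PmaterialProviders_HCreateKeyringOutput_for_AwsCryptographicMaterialProviders_CreateAwsKmsEcdhKeyring(
 input: &crate::deps::aws_cryptography_materialProviders::types::keyring::KeyringRef,
 ) -> ::std::result::Result<(), ::aws_smithy_types::error::operation::BuildError> {
 validate_aws_Pcryptography_PmaterialProviders_HCreateKeyringOutput_Dkeyring(&Some(
 input.clone(),
 ))?;
 Ok(())
 }
-pub(crate) fn validate_aws_Pcryptography_PmaterialProviders_HCreateKeyringOutput_for_AwsCryptographicMaterialProviders_CreateAwsKmsDiscoveryKeyring(
+pub(crate) fn validate_aws_Pcryptography_PmaterialProviders_HCreateKeyringOutput_for_AwsCryptographicMaterialProviders_CreateAwsKmsMultiKeyring(
 input: &crate::deps::aws_cryptography_materialProviders::types::keyring::KeyringRef,
 ) -> ::std::result::Result<(), ::aws_smithy_types::error::operation::BuildError> {
 validate_aws_Pcryptography_PmaterialProviders_HCreateKeyringOutput_Dkeyring(&Some(
 input.clone(),
 ))?;
 Ok(())
 }
-pub(crate) fn validate_aws_Pcryptography_PmaterialProviders_HCreateKeyringOutput_for_AwsCryptographicMaterialProviders_CreateAwsKmsMultiKeyring(
+pub(crate) fn validate_aws_Pcryptography_PmaterialProviders_HCreateKeyringOutput_for_AwsCryptographicMaterialProviders_CreateMultiKeyring(
 input: &crate::deps::aws_cryptography_materialProviders::types::keyring::KeyringRef,
 ) -> ::std::result::Result<(), ::aws_smithy_types::error::operation::BuildError> {
 validate_aws_Pcryptography_PmaterialProviders_HCreateKeyringOutput_Dkeyring(&Some(
 input.clone(),
 ))?;
 Ok(())
 }
-pub(crate) fn validate_aws_Pcryptography_PmaterialProviders_HCreateKeyringOutput_for_AwsCryptographicMaterialProviders_CreateAwsKmsEcdhKeyring(
+pub(crate) fn validate_aws_Pcryptography_PmaterialProviders_HCreateKeyringOutput_for_AwsCryptographicMaterialProviders_CreateAwsKmsMrkDiscoveryMultiKeyring(
 input: &crate::deps::aws_cryptography_materialProviders::types::keyring::KeyringRef,
 ) -> ::std::result::Result<(), ::aws_smithy_types::error::operation::BuildError> {
 validate_aws_Pcryptography_PmaterialProviders_HCreateKeyringOutput_Dkeyring(&Some(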
